Fine Grained Password Policies
New in Windows Server 2008 Active Directory is a feature called fine grained password policies (FGPPs).In Server 2000 and 2003 Active Directory domains, you could apply only one password and account lockout policy to all users in the domain,so if you wanted different password and account lockout settings for different sets of users, you had to either create a password filter or deploy multiple domains. In Windows Server 2008 you can use fine grained password policies to specify multiple password policies, apply different password restrictions and account lockout policies to different sets of users within a single domain.FGPPs become available once the domain has been promoted to Windows Server 2008 Domain Functional Level.
To store fine grained password policies, Windows Server 2008 includes two new object classes in the Active Directory Domain Services schema Password Settings Container and Password Settings. The Password Settings Container object class is created by default under the System container in the domain. It stores the Password Settings objects (PSOs) for that domain. You cannot rename, move, or delete this container.Policies you create are represented by Password Setting Objects within Active Directory.